REMARKS 

In the Office Action mailed October 04, 2007, the Office took the following 
action: (1) requested affirmation of the elections in response to the restriction 
requirement; (2) rejected claims 31-34, 37-39, and 50-51 under 35 U.S.C. §101 as 
directed to non-statutory subject matter; (3) rejected claims 1-4, 7-14, 31-34, 37- 
41, 44-46, and 50-51 under 35 U.S.C. §112, second paragraph, as being 
incomplete for omitting essential steps; (4) rejected claims 50-51 under 35 U.S.C. 
§112, second paragraph, as being indefinite; (5) rejected claims 1-2, 7-13, and 50 
under 35 U.S.C. § 103(a) as being unpatentable over Miliefsky, U.S. Patent 
Publication No. 2005/0044418 (hereinafter "Miliefsky") in view of Moshir et al, 
U.S. Patent Publication No. 2004/0003266 (hereinafter "Moshir"); (6) rejected 
claims 3-4, 14, and 51 under 35 U.S.C. § 103(a) as being unpatentable over 
Miliefsky in view of Moshir in view of Date ("An Introduction to Database 
System") (hereinafter "Date"); and (7) rejected claims 31-34, 37-41, and 44-46 
under 35 U.S.C. § 103(a) as being unpatentable over Moshir in view of Date. 
Applicants have canceled claims 50-53. Applicants respectfully traverse and 
further request reconsideration and withdrawal of the rejections in light of the 
following remarks. 

Telephone Interview 

Applicants thank the Examiner for the telephone interview conducted on Tuesday, 
January 22, 2008. During the telephone interview, Applicants' attorney, Damon Kruger, 
discussed the rejections under §112 and § 103(a) of the pending Office Action.

Regarding the §112, second paragraph, rejection, Applicants' attorney presented
arguments, some of which are reproduced below for the Examiner's subsequent 
consideration. In addition, Applicants have added additional remarks below which 
specifically address the Examiner's concern regarding "omitted steps" in the independent
claims as compared to Figure 3. No agreement was reached with the Examiner on this 
rejection. However, the Examiner is thanked for conveying his concerns regarding the 
§112 rejection which will further enable Applicants to address the rejection at issue. 

Regarding the § 103(a) rejection, Applicants' attorney presented two arguments 
consisting of elements in claim 1 that Applicants submit are not taught by the relied upon 
art. The first element of claim 1 includes "while the security engine continues to 
operate according to previous rules." Applicants' attorney understood the 
Examiner to agree that the Office Action did not address this feature from claim 1. 

The second element of claim 1 includes "substantially concurrently." 
Applicants' attorney presented an analysis of Moshir, paragraphs [0075]-[0076], 
submitting that Moshir's rollback is not "substantially concurrently" because
Moshir installs (switches) a computer program on a first computer to test it (see 
paragraph [0075]), and then rolls out the program to the rest of the computers, thus 
not having a switch that occurs "substantially concurrently" for all systems as 
recited in claim 1. On this issue, the Examiner and Applicants were unable to 
reach a consensus. Applicants thank the Examiner for considering the above 
arguments. These, and other remarks, are included below under their respective 
sections to assist the Examiner in more fully understanding the Applicants' 
position on the rejections under § 103(a).

Rejections under 35 U.S.C. §101

The Office rejected claims 31-34, 37-39, and 50-51 under 35 U.S.C. §101
as directed to non-statutory subject matter. In the Office Action, the Office suggested
"amending 'computer readable medium' to 'computer storage medium.'" (Office 
Action, page 3, paragraph 3, lines 5-7). Without additional comment and without 
prejudice as to the merits of the rejection, Applicants have amended claims 31-34, 
37-39 to recite "computer storage medium." 

Accordingly, Applicants respectfully request reconsideration and 
withdrawal of the rejection to claims 31-34 and 37-39 under 35 U.S.C. §101. 
Claims 50-51 have been canceled. 

Rejections under 35 U.S.C. §112, second paragraph

The Office rejected claims 1-4, 7-14, 31-34, 37-41, 44-46, and 50-51 under 
35 U.S.C. §112, second paragraph, as being incomplete for omitting essential 
steps, such omission amounting to a gap between the steps. See MPEP §2172.01. 
In particular, the Office states on page 4-5 of the Office Action with reference to 
Figure 3: 

1) "Regarding claims 1-4, 7-14, the omitted steps are: steps 306-312 and 316," 

2) "Regarding claims 31-34, 37-39, the omitted steps are: steps 306-310 and 
316," 

3) "Regarding claims 40-41, 44-46, the omitted steps are: steps 304-310 and 
316," and 

4) "Regarding claims 50-51, the omitted steps are: steps 306-312 and 316."

As an initial matter, Applicants respectfully object to the Office's citation
of "steps" to describe each process in a flowchart. In particular, Applicants submit
that the processes and/or subprocesses disclosed in Figure 3 may be performed in
any order, in series or parallel, and therefore are not "steps" that may include a 
connotation that they must be completed in consecutive order. Herein, Applicants 
use the term "step" as being synonymous with the term "process," and will use the 
term accordingly throughout this Response to Office Action. 

Applicants reproduce relevant portions of MPEP §2172.01 below: 

A claim which omits matter disclosed to be essential to the invention 
as described in the specification or in other statements of record may 
be rejected under 35 U.S.C. 112, first paragraph, as not enabling. In 
re Mayhew, 527 F.2d 1229, 188 USPQ 356 (CCPA 1976). See also 
MPEP § 2164.08(c). Such essential matter may include missing 
elements, steps or necessary structural cooperative relationships of 
elements described by the applicant(s) as necessary to practice the
invention. 

In addition, a claim which fails to interrelate essential 
elements of the invention as defined by applicant(s) in the 
specification may be rejected under 35 U.S.C. 112, second 
paragraph, for failure to point out and distinctly claim the invention. 
See In re Venezia, 530 F.2d 956, 189 USPQ 149 (CCPA 1976); In re 
Collier, 397 F.2d 1003, 158 USPQ 266 (CCPA 1968). 

(MPEP §2172.01, emphasis added). As shown above, the MPEP states the
elements must be (1) not disclosed in the claims, and (2) essential, as described by 
the applicant(s) as necessary to practice the invention. Without addressing 
whether claims 1, 31, 40, and 50 "disclose" the elements shown in Figure 3, 
Applicants submit that the elements are not "essential" because they are not 
"described by the applicant(s) as necessary to practice the invention" as required 
under MPEP §2172.01.

Applicants' specification on page 19, lines 9-10 states "Fig. 3 is a flowchart
illustrating another example process 300 for updating a security policy." 
(Emphasis added). As such, the process described with relation to Figure 3 is an 
example of one of many possible approaches to providing a solution of the present 
disclosure. Therefore, the description of Figure 3 does not disclose "essential" 
steps or processes and MPEP §2172.01 does not apply to claims 1, 31, and 40. 

In addition, the MPEP provides exceptions to the above quoted case law: 

But see Ex parte Nolden, 149 USPQ 378, 380 (Bd. Pat. App. 
1965) ("[I]t is not essential to a patentable combination that there be 
interdependency between the elements of the claimed device or that 
all the elements operate concurrently toward the desired result"); Ex 
parte Huber, 148 USPQ 447, 448-49 (Bd. Pat. App. 1965) (A claim 
does not necessarily fail to comply with 35 U.S.C. 112, second 
paragraph where the various elements do not function 
simultaneously, are not directly functionally related, do not directly 
intercooperate, and/or serve independent purposes.) 

(MPEP §2172.01). As stated in Ex Parte Huber, where the various elements do 
not function simultaneously, among other instances, the claim does not necessarily
fail under Section 112, second paragraph. As shown in Figure 3 and described in
the specification from page 9, line 19 to page 20, line 22, the elements 
(processes/steps) are not described as occurring simultaneously. In fact, 
simultaneous processing would not allow the process to successfully operate 
because each process requires time consuming actions to occur before another 
process can begin. Therefore, under Ex Parte Huber, Applicants submit that 
claims 1, 31, and 40 point out and distinctly claim the invention as required under 
§112, second paragraph and MPEP §2172.01.

In addition, Applicants submit that "omitted steps" may be implicitly
included in the independent claims. For discussion, Applicants focus on claim 1 
where the Office rejected claim 1 for omitting "steps" 306-312 and 316. Claim 1 
includes the recitation "after each of the plurality of security engines is ready to 
begin using the new security policy." Applicants submit that at least this recitation 
supports the process (steps) included in Figure 3, blocks 306-312, and therefore
enables claim 1. Regarding block 316 which states "discarding results of
processing new rules and/or data," Applicants submit that this "step" is not
necessary to enable claim 1. In fact, claim 1 may be enabled with only a portion 
of the processes included in Figure 3. 

Claims 2-4 and 7-14 depend from claim 1; claims 32-34 and 37-39 depend 
from claim 31; and claims 41 and 44-46 depend from claim 40, thus claims 2-4, 7-
14, 32-34, 37-40, and 44-46 are believed to be in compliance with 35 U.S.C. §112, 
second paragraph for their reliance on allowable base claims. Claims 50-51 have 
been canceled. 

Accordingly, Applicants respectfully request reconsideration and 
withdrawal of the rejection to claims 1-4, 7-14, 31-34, 37-41, and 44-46 under 35 
U.S.C. §112, second paragraph. 

Rejections under 35 U.S.C. §103(a) 

The Office rejected claims 1-2, 7-13, and 50 under 35 U.S.C. § 103(a) as 
being unpatentable over Miliefsky in view of Moshir, rejected claims 3-4, 14, and 
51 under 35 U.S.C. § 103(a) as being unpatentable over Miliefsky in view of 
Moshir in view of Date and rejected claims 31-34, 37-41, and 44-46 under 35 
U.S.C. § 103(a) as being unpatentable over Moshir in view of Date. Applicants
respectfully traverse. 

Miliefsky generally pertains to providing "proactive network security 
systems that protect against hackers and may automatically find, report, and 
communicate with countermeasures and remove the common vulnerabilities and 
exposures (CVEs) that they exploit." (Summary). 

Moshir generally pertains to discovering software updates, discovering if a 
given computer can use the software update, and then updating the computers with 
software as needed automatically across a network without storing the updates on 
an intermediate machine within the network. (Summary). In addition, Moshir 
pertains to detecting failures, stopping a rollout, and removing software from 
computers that were already updated. (Id.). 

In particular, Applicants respectfully submit that the relied upon references 
do not teach the following claimed features: (1) "each of the plurality of security 
engines processing at least a portion of the new security policy to establish new 
rules for operation of the security engine while the security engine continues to 
operate according to previous rules" as recited in claim 1; (2) "switching, after 
each of the plurality of security engines is ready to begin using the new security 
policy, each of the plurality of security engines to the new rules substantially 
concurrently," as recited in claim 1; (3) "continue to use a previous set of rules 
and associated data until an indication to begin using the new set of rules and 
associated data is identified," as recited in claim 31; and (4) "using a previous set 
of rules until an indication to begin using the new set of rules is received," as 
recited in claim 40. Applicants will now discuss each independent claim in turn.

Claim 1

Applicants' claim 1 recites: 

A method, implemented in a computing device, the method 
comprising: 

accessing a new security policy to be implemented by a 
plurality of security engines of the computing device and to be used 
by the plurality of security engines in place of a current security 
policy; 

each of the plurality of security engines processing at least a 
portion of the new security policy to establish new rules for 
operation of the security engine while the security engine continues 
to operate according to previous rules; and 

switching, after each of the plurality of security engines is 
ready to begin using the new security policy, each of the plurality of 
security engines to the new rules substantially concurrently. 

Applicants submit that Miliefsky and Moshir, either singly or in 
combination assuming arguendo that such combination is proper, fail to teach or 
suggest the recitations of claim 1 for at least two reasons. First, the relied upon 
references do not teach "each of the plurality of security engines processing at 
least a portion of the new security policy to establish new rules for operation of the 
security engine while the security engine continues to operate according to 
previous rules." The Office appears to rely on Miliefsky as teaching the above
recitations, although the Office does not specifically identify a citation in the 
relied upon art for this recitation nor provide any discussion of this recitation. 
Applicants submit that neither Miliefsky nor Moshir teach "while the security 
engine continues to operate according to previous rules," as is presently claimed. 
In particular, Moshir teaches testing new software on a computer: "For example, 
one embodiment of the monitor will test a patch application by having it installed 
on only one target computer." (Moshir, page 6, paragraph [0075]). However, this
is not equivalent to "each of the plurality of security engines processing at least a 
portion of the new security policy to establish new rules for operation of the 
security engine while the security engine continues to operate according to 
previous rules," as recited by claim 1.

Second, the relied upon references do not teach or suggest "switching,
after each of the plurality of security engines is ready to begin using the new 
security policy, each of the plurality of security engines to the new rules 
substantially concurrently" as is presently claimed. The Office states, "Miliefsky 
does not disclose switching, after each of the plurality of security engines is ready 
to begin using new security policy, each of the plurality of security engines to the 
new rules substantially concurrently." (Office Action, page 6, lines 10-12). 
Applicants agree with the Office regarding this statement. However, the Office 
relies upon Moshir as teaching these recitations, with which the Applicant does 
not agree. 

The Office states, "Specifically, Moshir discloses that the security policies 
for the plurality of security engines are updated at the same time, i.e., a scheduled 
rollout, and each security engine is to report the result of the update, whether a 
success or failure/error." (Office Action, page 6, lines 15-18, emphasis added). 
Applicants provide the relevant sections of Moshir that were cited by the Office. 
First, paragraph [0030] discusses installation and rollback as follows: 

[0030] A monitor checks to see that the software installs properly on 
the target 202, 208, and then continues checking (or can be notified) 
to ensure that the updated software runs correctly and that the target 
computer itself doesn't experience any problems in what appear to be 
unrelated areas. Should the package fail to install properly, or create 
problems for the software program that was patched, or create other
problems on the target computer, the package can be automatically 
removed and the computer restored to its preinstalled state or 
another acceptable state in which the update has been removed or 
disabled, and the target computer is in a workable state. If the 
package has been installed on more than one computer, they all can 
be removed. If the error occurs in the middle of a rollout to many 
computers, the rollout can be halted and the software removed or 
disabled. The monitor may be located on the update server 220, on a 
repository site 600, at least partially in the update agent 204, 210, 
and/or in a combination of such locations. 

(Moshir, paragraph [0030], emphasis added). However, this does not indicate or 
even imply "switching, after each of the plurality of security engines is ready to 
begin using the new security policy, each of the plurality of security engines to the 
new rules substantially concurrently." 

In addition, Moshir includes the following paragraphs that were relied upon 
by the Office. 

[0075] If the monitoring step detects a failure 316, then the task that 
failed is suspended 318. The first download 308 to the update server 
528 could fail, as could the second download from the update server 
528 to the target computer 500. If there are multiple target 
computers having the software update installed, the Nth installation 
could fail, and so on. Determining results preferably goes beyond 
simply ensuring that the software update appears to have installed 
properly, and in some embodiments of the invention extends for a 
time beyond the installation. For example, one embodiment of the 
monitor will test a patch application by having it installed on only 
one target computer, assuring that it downloads properly, installs it 
and then watching it for some period of time until the administrator 
who sets the time delay gains enough confidence in the patch to 
allow it to be applied to other target computers. Should the 
application of this patch cause abnormal activity, as noticed by 
undesirable behaviors either in the program whose software was 
modified or elsewhere in the computer, the rollout can be 
automatically suspended until the problem is resolved.

[0076] Furthermore, in some instances when failure is detected the
software update is disabled or removed 324 from the target 
computer, and that machine is returned substantially to its pre- 
update state or another acceptable (working) non-update state. This 
may mean that the installed software is taken off the target machine 
322; or that not only is the software removed, but all the ancillary 
files (.dll's, .exe's, etc.) are restored to their pre-update state. In other 
instances it may mean that the target computer or some portion 
thereof was backed up before the software update was installed, and 
the backup itself is restored onto the machine. 

(Moshir, paragraphs [0075]-[0076], emphasis added). First, paragraph [0075] 
provides an example having a target computer installing a download and then 
using it. Further, paragraph [0076] discloses, "machine is returned substantially to 
its pre-update state or another acceptable (working) non-update state." Applicants 
submit that this disclosure in Moshir actually teaches away from the recitations 
including "substantially concurrently" as recited in claim 1. In particular, 
Applicants submit that Moshir does not teach or suggest "updated at the same 
time, i.e., a scheduled rollout," and further that a "scheduled rollout" does not 
imply "the same time." As described above in the quoted paragraphs of Moshir, 
the description of a rollout describes a one-after-another or consecutive-type of 
rollout spreading over a period of time. Thus, Moshir teaches away from a rollout 
that is "substantially concurrently" as recited in claim 1.

Claims 2-4 and 7-14 depend from claim 1, and thus are believed allowable 
at least for their dependency on the allowable base claim 1. Further, the additional 
limitations in these dependent claims provide limitations which are not taught by
the cited reference. Although all dependent claims may recite limitations not
disclosed by Blair, only one claim is discussed below for sake of brevity.

Applicants respectfully submit that the above references, including Date, do
not teach the recitations of claim 14. More specifically, they do not teach at least 
"writing a value to a shared data structure; and firing an event across all of the 
security engines at once." More specifically, the "commit" process disclosed by 
Date does not teach "firing an event across all of the security engines at once." 

Accordingly, Applicants respectfully request reconsideration and 
withdrawal of the rejections to claims 1-4 and 7-14. 



Claim 31 

Applicants' claim 31 recites: 

One or more computer readable storage media having one or 
more instructions that, when executed by one or more processors, 
causes the one or more processors to: 

receive an indication of a new security policy to be used; 

generate a new set of rules having associated data based on 
the new security policy; 

continue to use a previous set of rules and associated data 
until an indication to begin using the new set of rules and associated 
data is identified; and 

using, upon identifying the indication, the new set of rules 
and associated data. 

Applicants submit that Moshir and Date, either singly or in combination 
assuming arguendo that such combination is proper, fail to teach or suggest 
"continue to use a previous set of rules and associated data until an indication to 
begin using the new set of rules and associated data is identified." Applicants rely 
on at least the reasoning above as applied to claim 1 in support of claim 31. In 
particular, Applicants submit that Moshir fails to explicitly teach "continue to use 
a previous set of rules."

Claims 32-34 and 37-39 depend from claim 31, and thus are believed
allowable at least for their dependency on the allowable base claim 31. Further,
the additional limitations in these dependent claims provide limitations which are
not taught by the cited reference. Although all dependent claims may recite
limitations not disclosed by Blair, only one claim is discussed below for sake of 
brevity. 

Applicants submit that Date fails to teach or suggest "identifying, in a 
shared data structure, a value indicating to begin using the new set of rules and 
associated data; and detecting that an event being polled has been fired," as recited 
in claim 38. Applicants rely on at least similar reasoning as presented above 
regarding claim 14. 

Accordingly, Applicants respectfully request reconsideration and 
withdrawal of the rejections to claims 31-34 and 37-40.

Claim 40 

Applicants' claim 40 recites: 

A method, implemented in a security engine of a computing 
device, the method comprising: 

receiving a new set of rules to be enforced; 

using a previous set of rules until an indication to begin using 
the new set of rules is received; and 

enforcing, in response to receipt of the indication, the new set 
of rules. 

Applicants submit that Moshir and Date, either singly or in combination 
assuming arguendo that such combination is proper, fail to teach or suggest "using 
a previous set of rules until an indication to begin using the new set of rules is 
received." Applicants rely on at least the reasoning above as applied to claim 1 in 
support of claim 40. In particular, Applicants submit that Moshir fails to explicitly
teach "using a previous set of rules until an indication." 

Claims 41 and 44-46 depend from claim 40, and thus are believed 
allowable at least for their dependency on the allowable base claim 40. Further, 
the additional limitations in these dependent claims provide limitations which are
not taught by the cited reference. Although all dependent claims may recite
limitations not disclosed by Blair, only one claim is discussed below for sake of 
brevity. 

Applicants submit that Date fails to teach or suggest "identifying, in a 
shared data structure, a value indicating to begin using the new set of rules and 
associated data; and detecting that an event being polled has been fired," as recited 
in claim 45. Applicants rely on at least similar reasoning as presented above 
regarding claim 14. 

Accordingly, Applicants respectfully request reconsideration and 
withdrawal of the rejections to claims 41 and 44-46.

Conclusion

Claims 1-4, 7-14, 31-34, 37-41, and 44-46 are in condition for allowance. 
Applicants respectfully request reconsideration and issuance of the subject 
application. Should any matter in this case remain unresolved, the undersigned 
attorney respectfully requests a telephone conference with the Examiner to resolve 
any such outstanding matter. 



Respectfully Submitted, 



Lee & Hayes, PLLC 





Reg. No. 38,222 



Damon J. Kruger 



Reg. No. 60,400 
(206)315-7918 